Attack Science: DDoS (Part 2)

3、 ... and . How to deal with DDoS attack ？

Behavior ： Choose

choose IDC Or virtual machine , To see if there is a temporary increase in bandwidth , Advanced defense services , Redundancy, etc . The knowledge of this information can help solve some problems in case of an attack .

Behavior ： testing

Conduct performance test before purchasing the machine , Regularly test business services , Know how much pressure the current structure can withstand . For e-commerce websites , Double 11 is a time DDOS, Know how much compression resistance can be used to increase the redundancy of the machine according to these data , Know what you know .

At ordinary times, the comprehensive flow can be reserved according to the data 30% Resources for , In case of service crash caused by sudden small peak access .

Behavior ： appropriate

Configuration of system and software , You can't just 65535, This can easily lead to failure . If the machine can only support 3000, Then configure it 3000, You can't get in any more , At present, it will only be slower .

Optimize ： Kernel optimization

The kernel can control tcp Some mechanisms of the protocol , For example, when the link times out, you give up the link , Setting shorter will slightly disable those half syn attack , Another example is enabling TIME-WAIT state sockets Rapid recycling of , This can cope with large concurrent traffic , One tcp The link will be released quickly after termination .

You can see Kernel details

Optimize ：web Server optimization

in the light of WEB Modification of service configuration , At present, it only indicates nginx Of , You can set the client connection hold session timeout , Beyond that time , The server disconnects the link and so on , According to the performance test ,web Server optimization will bring more significant results .

You can see nginx Detailed instructions You can view the differences before and after optimization Before and after optimization

Software ： The blacklist

Facing the hooligans in the hot pot shop , I got angry and put them on file , And forbid them to enter the shop , But sometimes people who look like him will be forbidden to enter the shop . This is to set up a blacklist , What this method adheres to is “ Kill a thousand by mistake , Not a hundred ” Principles , Will block normal traffic , Affecting normal business .

image nginx Set the largest one in ip Concurrent access 20 It's forbidden , Not very good either , Because some companies use a forward proxy server to access , Or the company just exports ip, That one ip Maybe a company uses , More than 20 Concurrent .

And if you set a blacklist on the server , It will consume server resources , Come in a link to compare once , It is better to replace it with a hardware firewall .

To configure ：CDN Speed up

We can understand that ： To reduce rogue harassment , I just opened the hot pot shop online , Take out service , So hooligans can't find where the shop is , No more hooligans . In reality ,CDN The service allocates website traffic to each node , On the one hand, it hides the reality of the website IP, On the other hand, even if you encounter DDoS attack , Traffic can also be distributed to each node , Prevent the origin from crashing .

At the same time, each node has cached static pages , In this way, if the attacker does not randomly visit multiple pages of the website , Will be able to better undertake attacks .

To configure ： Try to use static pages

DDOS Is exhausting resources （ bandwidth , Memory of the server ,cpu,tcp Link number ）, If the home page or some pages are static as much as possible html page , If you click on something and switch to a dynamic page , Will be able to better undertake DDOS attack , If the home page is a dynamic page , Every time the form is parsed and queried, it will cost a lot of performance .

Hardware ： Advanced defense server

Take the Chongqing hotpot restaurant I opened as an example , High defense server is that I added two security guards to Chongqing hot pot store , These two security guards can protect the shop from being harassed by hooligans , And will patrol around the shop regularly to prevent rogue harassment . Advanced defense server mainly refers to independent hard defense 50Gbps The servers above , Can help website denial of service attack , Scan the main node of the network regularly , It's a good thing , It's expensive ~

Hardware ：DDoS cleaning

DDos cleaning , It's just a few minutes after I found out that the guests came in , But I never order , I'll kick him out of the store .

DDoS Cleaning will monitor the data requested by users in real time , Discover in time DOS Attack and other abnormal traffic , Clean out these abnormal flows without affecting normal business development .

Hardware ： Increase bandwidth

Now most of them use cloud , That means dynamic capacity expansion , image nginx High concurrency , Most of the time it's not memory or cpu Full of , But the bandwidth is not enough . Then you can buy bandwidth to improve when it comes

If it's a real machine , There's nothing we can do about it , image idc Being attacked is not easy to handle , It's better to go to advanced defense

Hardware ：LSB Load balancing

If it's alicloud , Can be in the domain name DNS Fill in more than LSB The address of , Every LSB Provide 5G The flow of cleaning , In this way, you can resist a big attack . Pass normal access to back-end services . Attack popular science ：DDos